graylog ^#3

By npochet
stable

Supports: xenial bionic

Description

Installs the Graylog log management system. Connections to elasticsearch and mongodb are required for a fully functioning system. https://www.graylog.org/

Series:
xenial ›
bionic ›

Tags:
misc ›

Overview

The charm installs Graylog using the snap package.

Usage

juju deploy cs:~graylog-charmers/graylog
juju run-action --wait graylog/X show-admin-password

Graylog requires MongoDB to run and Elasticsearch to be useful.

juju deploy cs:~mongodb-charmers/mongodb
juju relate graylog:mongodb mongodb:database

juju deploy cs:~elasticsearch-charmers/elasticsearch
juju relate graylog:elasticsearch elasticsearch:client

You can then browse to http://ip-address:9000 and log in as the user "admin". The password is by default a random value so juju run-action --wait graylog/X show-admin-password must be run for admin access to the installation.

Reverseproxy Relation

Graylog supports advertising its ports to an application acting as a reverseproxy using the http relation. The port of the webUI is exposed over the relation in the all_services variable of the relation.

Note: For Graylog version 2, the API port is also exposed over the http relation. Graylog version 3 hard codes the /api/ location and uses the default port (9000) for both webUI and API.

More details on using this are in the reverseproxy instructions for the Apache2 charm.

Sample Graylog 2 vhost template for the apache2 charm:

$ cat graylog-vhost.tmpl
<Location "/">
    RequestHeader set X-Graylog-Server-URL "http://{{servername}}/api/"
    ProxyPass http://{{graylog_web}}/
    ProxyPassReverse http://{{graylog_web}}/
</Location>

<Location "/api/">
    ProxyPass http://{{graylog_api}}/api/
    ProxyPassReverse http://{{graylog_api}}/api/
</Location>

Sample Graylog 3 vhost template for the apache2 charm:

$ cat graylog-vhost.tmpl
<Location "/">
    RequestHeader set X-Graylog-Server-URL "http://{{servername}}/"
    ProxyPass http://{{graylog_web}}/
    ProxyPassReverse http://{{graylog_web}}/
</Location>

Now deploy and configure apache2 as your graylog reverse proxy:

juju deploy apache2
juju config apache2 "enable_modules='headers proxy_html proxy_http'"
juju config apache2 "vhost_http_template=$(base64 ./graylog-vhost.tmpl)"
juju expose apache2
juju relate apache2:reverseproxy graylog:website

Visit http://<apache2-public-ip> to access the Graylog web interface.

Scale out Usage

The MongoDB and Elasticsearch applications can both be scaled up or down. Graylog will reconfigure itself as needed. The Graylog charm does not yet support clustering of multiple units.

Configuration

Depending on the Elasticsearch charm used, the cluster name may not be passed to Graylog. In this case, the elasticsearch_cluster_name config option should be set.

Upgrade

Graylog may be upgraded to a different snap version by setting the channel config option. For example, switch to the latest version 3 edge snap with the following:

juju config graylog channel='3/edge'

Note: When upgrading from Graylog version 2 to version 3, please consult the upgrade guide to ensure your environment meets the minimum requirements.

If a new channel config option results in a new snap being installed, the charm will backup the previous configuration file on the graylog unit in /var/snap/graylog/common/server.conf.$prev. This may be useful if graylog needs to be reverted to a previous version in the future.

Configuration

beats_port: (int) TCP port for Beats input when relation is joined; 5044
channel: (string) Snap channel used to install/refresh the graylog snap. This option has no effect when a valid graylog.snap resource is attached.; 2/stable
elasticsearch_cluster_name: (string) If the elastic search cluster name is not passed in the relation set it here.
index_replicas: (int) Number of Elasticsearch replicas used per index in this index set.
index_retention_count: (int) Maximum number of indices to keep before deleting the oldest ones; 6
index_rotation_msg_count: (int) When rotation strategy is "msg_count", maximum number of documents in an index before it gets rotated; 20000000
index_rotation_period: (string) When rotation strategy is "time" based, rotation period (ISO8601 Duration) - How long an index gets written to before it is rotated.; P7D
index_rotation_size: (int) When rotation strategy is "size" based, maximum size of an index before it gets rotated. Defaults to 1073741824 (1GB).; 1073741824
index_rotation_strategy: (string) Type of rotation strategy ("time" based, "size" based, no. messages "msg_count").; time
index_shards: (int) Number of Elasticsearch shards used per index in this index set. Set this to '0' to let the charm automatically calculate based on how many Elasticsearch units.; 2
jvm_heap_size: (string) JVM Heap memory size (default 1G); 1G
log_inputs: (string) YAML-formatted list of log inputs. First input gets passed through relations. Any input not defined here will be removed unless it is prefixed with "Custom" in the title.
nagios_context: (string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.; juju
nagios_servicegroups: (string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.
nagios_uncommitted_crit: (int) Number of journaled uncommitted messages that will generate a nagios CRITICAL alert; 2048
nagios_uncommitted_warn: (int) Number of journaled uncommitted messages that will generate a nagios WARN; 1024
rest_transport_uri: (string) If set, this will be promoted in the cluster discovery APIs. You will need to define this if your Graylog server is running behind a HTTP proxy that is rewriting the scheme, host name, or URI. This must not contain a wildcard address (0.0.0.0). For Graylog 2, this usually takes the form http://10.0.0.1:9001/api/. For Graylog 3 and higher, this is known as the 'http_publish_uri' and looks like http://10.0.0.1:9000/.
snap_proxy: (string) DEPRECATED. Use snap-http-proxy and snap-https-proxy model configuration settings. HTTP/HTTPS web proxy for Snappy to use when accessing the snap store.
snap_proxy_url: (string) DEPRECATED. Use snap-store-proxy model configuration setting. The address of a Snap Store Proxy to use for snaps e.g. http://snap-proxy.example.com
snapd_refresh: (string) How often snapd handles updates for installed snaps. The default (an empty string) is 4x per day. Set to "max" to check once per month based on the charm deployment date. You may also set a custom string as described in the 'refresh.timer' section here: https://forum.snapcraft.io/t/system-options/87
web_endpoint_uri: (string) If set, this will be published as the external address for connecting to the REST API of the Graylog server. Web interface clients need to be able to connect to this for the web interface to work. In version 2, Graylog will set the default value to 'rest_transport_uri' if defined; otherwise it will select the first non-loopback IPv4 address on port 9001. Example: http://10.0.0.1:9001/ In version 3, Graylog refers to this option as 'http_external_uri' with the default value being 'rest_transport_uri' if defined; otherwise it will select the first non-loopback IPv4 address on port 9000. Example: http://10.0.0.1:9000/
web_listen_uri: (string) The uri the web interface will be available at. In version 3 and higher, this is used for and converted to the appropriate format for the 'http_bind_address' config value.; http://0.0.0.0:9000/